Rooting (Android)
Rooting is the process of allowing users of devices running the Android operating system to attain privileged control (known as root access) over various Android subsystems. As Android uses the Linux kernel, rooting an Android device gives similar access to administrative (superuser) permissions as on Linux or any other Unix-like operating system such as FreeBSD or macOS.

Details

Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices. Thus, rooting gives the ability (or permission) to alter or replace system applications and settings, run specialized applications that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system, usually with a more recent release of its current operating system.

Root access is sometimes compared to jailbreaking devices running the Apple iOS operating system. Rooting lets all user-installed applications run privileged commands typically unavailable to the devices in the stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, removing pre-installed applications, and low-level access to the hardware itself (rebooting, controlling status lights, or recalibrating touch inputs). A typical rooting installation also installs the Superuser application, which supervises applications that are granted root or superuser rights by requesting approval from the user before granting said permissions. A secondary operation, unlocking the device's bootloader verification, is required to remove or replace the installed operating system.

In contrast to iOS jailbreaking, rooting is not needed to run applications distributed outside of the Google Play Store, sometimes called sideloading.
The Android OS supports this feature natively in two ways: through the "Unknown sources" option in the Settings menu and through the Android Debug Bridge.

Advantages

Advantages of rooting include the possibility of complete control over the look and feel of the device. As a superuser has access to the device's system files, all aspects of the operating system can be customized, with the only real limitation being the level of coding expertise. Advantages that can be expected immediately on a rooted device include the following:

* Support for themes like Substratum, allowing everything to be visually changed, from the color of the battery icon to the boot animation that appears while the device is booting, and more.
* Full control of the kernel, which, for example, allows overclocking and underclocking the CPU and GPU.
* Full application control, including the ability to back up, restore, or batch edit applications, or to remove bloatware that comes pre-installed on many phones.
* Custom automated system-level processes through the use of third-party applications.
* Ability to install a custom firmware (also known as a custom ROM) or software (such as Xposed, Magisk, BusyBox, etc.) that allows additional levels of control on a rooted device.

Methods

Some rooting methods involve use of the command prompt and development interface called Android Debug Bridge (ADB), while other methods may use specialized applications like Kingo Root and be as simple as clicking one button.

Devices, or sometimes even different variants of the same device, can have different hardware configurations. Thus, if the guide, ROM, or root method used is for a device variant with a different hardware setup, there is a risk of bricking the device.

In recent years, a new method of rooting Android devices called "systemless root" has appeared. Systemless root uses various techniques to gain root access without modifying the system partition of a device.
One example is Magisk, which can also hide root access from applications that would otherwise refuse to work, such as SafetyNet-protected applications like Android Pay and Pokémon Go.

A distinction is sometimes made between "soft rooting" through a third-party application which uses a security vulnerability ("root exploit") and "hard rooting" by flashing a su binary executable. If a phone can be soft rooted, it is vulnerable to malware, since malicious software can use the same vulnerability.

SuperOneClick is probably the most famous rooting tool because it can root all types of Android phones and versions; it is run on a computer connected to the phone over USB.

Varieties

The process of rooting varies widely by device, but usually includes exploiting one or more security bugs in the firmware of (i.e., in the version of the Android OS installed on) the device. Once an exploit is discovered, a custom recovery image that will skip the digital signature check of firmware updates can be flashed. Then a modified firmware update that typically includes the utilities needed to run apps as root can be installed. For example, the su binary (such as an open-source one paired with the Superuser or SuperSU application) can be copied to a location in the current process' PATH (e.g., /system/xbin/) and granted executable permissions with the chmod command. A third-party supervisor application, like Superuser or SuperSU, can then regulate and log elevated permission requests from other applications. Many guides, tutorials, and automatic processes exist for popular Android devices facilitating a fast and easy rooting process.

The process of rooting a device may be simple or complex, and it may even depend upon serendipity. For example, shortly after the release of the HTC Dream (HTC G1), it was discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell.
Although Google quickly released a patch to fix this, a signed image of the old firmware leaked, which gave users the ability to downgrade and use the original exploit to gain root access.

Manufacturer support

Some manufacturers, including LG, HTC, and Motorola, provide official support for unlocking the bootloader, which allows for rooting without exploiting a vulnerability. However, the support may be limited to certain phones; for example, LG released its bootloader unlock tool only for certain models of its phones.

The Google-branded Google Nexus line of Android devices can be bootloader unlocked by simply connecting the device to a computer while in bootloader mode and running the Fastboot protocol with the command fastboot oem unlock. After accepting a warning, the bootloader is unlocked, so a new system image can be written directly to flash without the need for an exploit.

Difficulties

In the past, many manufacturers have tried to make non-rootable phones with more elaborate protections (like the Droid X), but they are usually still rootable in some way. There may be no root exploit available for new or recently updated phones, but one is usually available within a few months.
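
The Varieties section notes that a flashed su binary ends up in a PATH directory such as /system/xbin/ with executable permissions. As an added example (not part of the original page), this POSIX shell function audits a live device shell or the mount point of an extracted image for that artifact; the name find_su and every default directory other than /system/xbin are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# find_su [ROOT] [DIRS]: list su binaries in PATH-style directories.
#   ROOT  prefix of the tree to inspect: empty for a live device shell, or
#         the mount point of an extracted image (assumption of this sketch)
#   DIRS  colon-separated directories; only /system/xbin comes from the
#         page, the rest of the default list is an assumption
# Prints "<path> <flags>" per hit; returns 0 if any su was found, else 1.
find_su() {
    root=${1:-}
    dirs=${2:-/system/xbin:/system/bin:/sbin:/vendor/bin}
    rc=1
    old_ifs=$IFS
    IFS=:
    for d in $dirs; do
        f="$root$d/su"
        [ -f "$f" ] || continue          # -f follows symlinks
        flags=""
        if [ -x "$f" ]; then flags="exec"; fi
        # setuid bit: lets the binary run with its owner's identity
        if [ -u "$f" ]; then flags="${flags:+$flags,}setuid"; fi
        printf '%s %s\n' "$d/su" "${flags:-not-executable}"
        rc=0
    done
    IFS=$old_ifs
    return $rc
}

# Stand-alone use: audit the live filesystem and report the result.
if find_su ""; then
    echo "su binary present in a PATH directory"
else
    echo "no su binary found in the checked directories"
fi
```

A clean result does not show that a device is unrooted: the systemless methods described under Methods leave the system partition unmodified, so this check only covers the hard-root layout the Varieties section describes.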